Every CVE whose affected-product data names Nettle Project Nettle, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2015-8803 — CVSS 9.8 (critical): The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2015-8804 — CVSS 9.8 (critical): x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation…
CVE-2015-8805 — CVSS 9.8 (critical): The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2021-20305 — CVSS 8.1 (high): A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result…
CVE-2021-3580 — CVSS 7.5 (high): A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to…
CVE-2016-6489 — CVSS 7.5 (high): The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2018-16869 — CVSS 5.7 (medium): A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted…